Exploitdb Exploits

2,809 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6158 EXPLOITDB perl VERIFIED
w3b>cms < 3.2.0 - Multiple Unspecified Vulnerabilities in Admin Backend
Multiple unspecified vulnerabilities in the admin backend in w3b>cms (aka w3blabor CMS) before 3.2.0 have unknown impact and remote attack vectors.
by DNX
EIP-2026-117759 EXPLOITDB perl VERIFIED
PEiD 0.92 - '.PE' File Universal Buffer Overflow
by SkD
EIP-2026-117826 EXPLOITDB perl VERIFIED
RadASM 2.2.1.5 - '.rap' WindowCallProcA Pointer Hijack
by DATA_SNIPER
CVE-2008-5607 EXPLOITDB perl VERIFIED
JMovies 1.1 - SQL Injection via id Parameter
SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by StAkeR
CVE-2008-5586 EXPLOITDB perl VERIFIED
Check Up New Generation <4.52 - SQL Injection
SQL injection vulnerability in findoffice.php in Check Up New Generation (aka Check New) 4.52, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter.
by CWH Underground
CVE-2008-6446 EXPLOITDB perl VERIFIED
CMS MAXSITE - Remote Code Execution via Guestbook Message Parameter
Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter.
by CWH Underground
CVE-2008-6381 EXPLOITDB perl VERIFIED
bcoos 1.0.13 - Authenticated SQL Injection via cid Parameter
SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter.
by CWH Underground
CVE-2008-5405 EXPLOITDB perl VERIFIED
Cain & Abel <4.9.24 - Buffer Overflow
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string.
by SkD
CVE-2008-5953 EXPLOITDB perl VERIFIED
KTP Computer Customer Database - Remote File Inclusion via Path Traversal in p Parameter
Directory traversal vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to the default URI.
by CWH Underground
CVE-2008-7066 EXPLOITDB perl VERIFIED
OpenForum 0.66 Beta - Unauthenticated Password Reset via Direct Request
OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password parameters.
by CWH Underground
CVE-2008-5636 EXPLOITDB perl VERIFIED
Lito Lite CMS - SQL Injection via cid Parameter
SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by CWH Underground
CVE-2008-5180 EXPLOITDB MEDIUM perl VERIFIED
Microsoft Office Communicator - Denial of Service via SIP INVITE Request Flood
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
by Praveen Darshanam
CVSS 5.3
CVE-2008-5628 EXPLOITDB perl VERIFIED
little_cms 0.0.1 - SQL Injection via Index.php Term Parameter
SQL injection vulnerability in index.php in CMS little 0.0.1 allows remote attackers to execute arbitrary SQL commands via the term parameter.
by CWH Underground
CVE-2008-7069 EXPLOITDB perl VERIFIED
All Club CMS <= 0.0.2 - Exposure of Sensitive Information via Direct Request to accms.dat
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat.
by StAkeR
CVE-2008-5289 EXPLOITDB perl VERIFIED
Clean CMS 1.5 - SQL Injection via full_txt.php id Parameter
SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by JosS
CVE-2008-5282 EXPLOITDB perl VERIFIED
W3C Amaya Web Browser 10.0.1 - Buffer Overflow
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
by r0ut3r
CVE-2008-5282 EXPLOITDB perl VERIFIED
W3C Amaya Web Browser 10.0.1 - Buffer Overflow
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
by r0ut3r
EIP-2026-116422 EXPLOITDB perl VERIFIED
Total Video Player - 'vcen.dll' Remote Off-by-One Crash
by Cnaph
CVE-2008-7079 EXPLOITDB perl VERIFIED
Nero ShowTime 5.0.15.0 - Buffer Overflow via Long Entry in .M3U Playlist File
Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a .M3U playlist file. NOTE: this issue might be related to CVE-2008-0619.
by LiquidWorm
CVE-2008-7064 EXPLOITDB perl VERIFIED
Quicksilver Forums <= 1.4.2 - Remote Code Execution via Lang Parameter Backslash Bypass
Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.
by girex
CVE-2008-5418 EXPLOITDB perl VERIFIED
PunPortal module - Path Traversal via pun_user[language] Parameter
Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.
by StAkeR
CVE-2008-5220 EXPLOITDB perl VERIFIED
wportfolio < 0.3 - Unauthenticated Arbitrary File Upload via admin/upload_form.php
Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.
by Osirys
CVE-2008-6952 EXPLOITDB perl VERIFIED
MauryCMS <= 0.53.2 - SQL Injection via Rss.php c Parameter
SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.
by StAkeR
CVE-2008-5491 EXPLOITDB perl VERIFIED
slimcms < 1.0.0 - SQL Injection via edit.php pageID Parameter
SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter.
by StAkeR
CVE-2008-2214 EXPLOITDB perl VERIFIED
SNMPc < 7.1 - Stack-based Buffer Overflow via Long Community String in SNMP TRAP Packet
Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet.
by Praveen Darshanam
By Source
All 2,809 Writeup 62,188 Exploitdb 50,076 Nomisec 22,383 Github 3,590 Metasploit 3,311 Vulncheck_xdb 927 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,552 ruby 6,001 c 3,625 perl 2,849 html 2,074 php 1,333 bash 462 java 370 c++ 260 javascript 229 shell 131 go 73 postscript 25 typescript 25